Openresty
CVE-2021-23017
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Lifecycle Timeline
1DescriptionNVD
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
AnalysisAI
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-193. A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. Affected products include: F5 Nginx, Openresty, Fedoraproject Fedora, Netapp Ontap Select Deploy Administration Utility, Oracle Blockchain Platform.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args func
Denial of service in OpenResty 1.29.2.1 through 1.29.2.4 arises from an out-of-bounds write (CWE-787) in the upstream PR
An issue was discovered in OpenResty before 1.15.8.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exp
In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allo
Same weakness CWE-193 – Off-by-one Error
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today